Update QOP checks to use QOP class attributes

TimoshinNikita · Mar 7, 2018 · f1fa6c3 · f1fa6c3
1 parent 9157886
commit f1fa6c3
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@
 build/
 dist/
 pure_sasl.egg-info/
+.idea
diff --git a/puresasl/mechanisms.py b/puresasl/mechanisms.py
@@ -295,7 +295,7 @@ def response(self):
         resp['digest-uri'] = quote(self._digest_uri)
 
         a2 = b'AUTHENTICATE:' + self._digest_uri
-        if self.qop != b'auth':
+        if self.qop != QOP.AUTH:
             a2 += b':00000000000000000000000000000000'
             resp['maxbuf'] = b'16777215'  # 2**24-1
         resp['response'] = self.gen_hash(a2)
@@ -377,7 +377,7 @@ def gen_hash(self, a2):
     # untested
     def authenticate_server(self, cmp_hash):
         a2 = b':' + self._digest_uri
-        if self.qop != b'auth':
+        if self.qop != QOP.AUTH:
             a2 += b':00000000000000000000000000000000'
         if self.gen_hash(a2) == cmp_hash:
             self._rspauth_okay = True
@@ -500,9 +500,9 @@ def process(self, challenge=None):
         return base64.b64decode(response)
 
     def wrap(self, outgoing):
-        if self.qop != b'auth':
+        if self.qop != QOP.AUTH:
             outgoing = base64.b64encode(outgoing)
-            if self.qop == b'auth-conf':
+            if self.qop == QOP.AUTH_CONF:
                 protect = 1
             else:
                 protect = 0
@@ -512,11 +512,11 @@ def wrap(self, outgoing):
             return outgoing
 
     def unwrap(self, incoming):
-        if self.qop != b'auth':
+        if self.qop != QOP.AUTH:
             incoming = base64.b64encode(incoming)
             kerberos.authGSSClientUnwrap(self.context, incoming)
             conf = kerberos.authGSSClientResponseConf(self.context)
-            if 0 == conf and self.qop == b'auth-conf':
+            if 0 == conf and self.qop == QOP.AUTH_CONF:
                 raise Exception("Error: confidentiality requested, but not honored by the server.")
             return base64.b64decode(kerberos.authGSSClientResponse(self.context))
         else:

diff --git a/tests/unit/test_mechanism.py b/tests/unit/test_mechanism.py
@@ -110,17 +110,17 @@ class GSSAPIMechanismTest(_BaseMechanismTests):
         @patch('puresasl.mechanisms.kerberos.authGSSClientUnwrap')
         def test_wrap_unwrap(self, _inner1, _inner2, authGSSClientResponse, *args):
             # bypassing process setup by setting qop directly
-            self.mechanism.qop = b'auth'
+            self.mechanism.qop = QOP.AUTH
             msg = b'msg'
             self.assertIs(self.sasl.wrap(msg), msg)
             self.assertIs(self.sasl.unwrap(msg), msg)
 
-            for qop in (b'auth-int', b'auth-conf'):
+            for qop in (QOP.AUTH_INT, QOP.AUTH_CONF):
                 self.mechanism.qop = qop
                 with patch('puresasl.mechanisms.kerberos.authGSSClientResponseConf', return_value=1):
                     self.assertEqual(self.sasl.wrap(msg), base64.b64decode(authGSSClientResponse.return_value))
                     self.assertEqual(self.sasl.unwrap(msg), base64.b64decode(authGSSClientResponse.return_value))
-                if qop == b'auth-conf':
+                if qop == QOP.AUTH_CONF:
                     with patch('puresasl.mechanisms.kerberos.authGSSClientResponseConf', return_value=0):
                         self.assertRaises(Exception, self.sasl.unwrap, msg)
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,3 +4,4 @@ @@
     build/
     dist/
     pure_sasl.egg-info/
+    .idea